package com.example.controller;

import com.example.entity.ResponseBean;
import com.example.entity.UserBean;
import com.example.service.UserService;
import com.example.utils.JWTUtil;
import com.example.utils.MyRealm;
import com.example.utils.UnauthorizedException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;

/**
 * 演示功能接口
 */
@RestController
public class WebController {

	private static final Logger LOGGER = LogManager.getLogger(WebController.class);

	private UserService userService;

	@Autowired
	public void setService(UserService userService) {
		this.userService = userService;
	}
	//view

	/**
	 * 登录功能
	 *
	 * @param username
	 * @param password
	 * @return
	 */
	@PostMapping("/login")
	public ResponseBean login(@RequestParam("username") String username,
							  @RequestParam("password") String password) {

		UserBean userBean = userService.getUser(username);
		if (userBean.getPassword().equals(password)) {
			// 生成jwt 正常情况下 是不应该给密码放到jwt里面的,
			return new ResponseBean(200, "Login success", JWTUtil.sign(username, password));
		} else {
			throw new UnauthorizedException();
		}
	}


	/**
	 * 有查看权限的可以去访问
	 *
	 * @return
	 */
	@GetMapping("/view")
	@RequiresPermissions("view")
	public ResponseBean view() {
		return new ResponseBean(200, "你有查看权限", null);
	}

	@GetMapping("/edit")
	@RequiresPermissions("edit")
	public ResponseBean edit() {
		return new ResponseBean(200, "你有编辑权限", null);
	}

	@GetMapping("/delete")
	@RequiresPermissions("delete")
	public ResponseBean delete() {
		return new ResponseBean(200, "你有删除权限", null);
	}

	@GetMapping("/insert")
	@RequiresPermissions("insert")
	public ResponseBean insert() {
		return new ResponseBean(200, "你有新增权限", null);
	}


	@GetMapping("/article")
	public ResponseBean article() {
		Subject subject = SecurityUtils.getSubject();
		if (subject.isAuthenticated()) { // 如果有身份就返回true 否则就返回false

			return new ResponseBean(200, "您已经登录了", null);
		} else {
			return new ResponseBean(200, "您是客人,没有登录", null);
		}
	}

	@GetMapping("/require_auth")
	@RequiresAuthentication
	public ResponseBean requireAuth() {
		return new ResponseBean(200, "You are authenticated", null);
	}

//	@RequiresPermissions

	/**
	 * 用户角色可以访问
	 *
	 * @return
	 */
	@GetMapping("/user")
	@RequiresRoles("user")
	public ResponseBean user() {
		return new ResponseBean(200, "用户权限可以查看到这里", null);
	}

	/**
	 * admin角色才能访问
	 *
	 * @return
	 */
	@GetMapping("/admin")
	@RequiresRoles("admin")
	public ResponseBean admin() {
		return new ResponseBean(200, "admin权限可以查看到这里", null);
	}


	@GetMapping("/visitor")
//	@RequiresRoles("visitor")
	public ResponseBean visitor() {
		return new ResponseBean(200, "我是游客,不需要token校验也能访问", null);
	}


	@GetMapping("/require_permission")
	@RequiresPermissions(logical = Logical.OR, value = {"view", "edit"})
	public ResponseBean requirePermission() {
		return new ResponseBean(200, "You are visiting permission require edit,view", null);
	}


	/**
	 * 跳着到401地址
	 *
	 * @return
	 */
	@RequestMapping(path = "/401")
	@ResponseStatus(value = HttpStatus.UNAUTHORIZED)
	public ResponseBean unauthorized() {
		String errorMessage = "您没有权限";
		try {
			errorMessage = MyRealm.errorMessageThreadLocal.get();
		} finally {
			MyRealm.errorMessageThreadLocal.remove();
		}

		return new ResponseBean(401, errorMessage, null);
	}

}